Binary Authorization

Binary Authorization is a deploy-time security control that ensures only trusted container
images are deployed on Google Kubernetes Engine (GKE). With Binary Authorization, you can
require images to be signed by trusted authorities during the development process and then
enforce signature validation when deploying. Enforcing validation gives you tighter
control over your container environment by ensuring only verified images are integrated
into the build-and-release process.

Enforce standardized container release practices

Using Binary Authorization, DevOps teams can gain assurance that only explicitly authorized
container images will be deployed to GKE. By verifying images prior to
deployment, you can reduce the risk of unintended or malicious code running in your
environment.

Put proactive security measures in place

Binary Authorization helps DevOps teams implement a proactive container security posture by
ensuring only verified containers are admitted into the environment and that they remain
trusted during runtime.

Native GCP integration

Binary Authorization integrates with the GKE control plane to allow or block
image deployment based on the policies that you define. You can also leverage integrations
with Cloud Build and Container Registry Vulnerability Scanning to enable
deploy-time controls based on build information and vulnerability findings.

Binary Authorization features

Policy creation

Define policies at the project and cluster levels based on the security requirements of
your organization. Create distinct policies for multiple environments
(e.g., production and test) in addition to CI/CD setups.

Cloud Security Command Center integration

View results for policy violations as part of your single pane of glass for security in
Cloud Security Command Center (CSCC). Explore events such as failed deploy attempts due to
policy restrictions or breakglass workflow activities.

Audit logging

Maintain a record of all policy violations and failed deployment attempts using
Cloud Audit Logging.